Data breaches

If your personal information stored by a retailer somehow falls into unauthorized hands, how would you be notified? Or would you be notified at all?

The answer may well depend on where you live. And that’s not a very good answer.

The issue has gained added attention in recent months following two well-publicized data breaches at two national retailers. Target disclosed last December that 40 million credit and debit card accounts had been exposed between Nov. 27 and Dec. 15, while Neiman Marcus has said that it had a data breach involving 1.1 million credit and debit cards.

The potential impact for those card-holders is that they could become victims of identity theft and outsiders could basically steal money from those accounts.

In such instances as these, and in cases involving far fewer accounts, one of the chief questions is how quickly and in what manner should retailers let affected customers know of data breaches. As it stands now, there is no national standard for notifying customers, leaving any requirements to states for setting the rules.

Unfortunately, a few states, including Kentucky, have no laws on the books requiring notification, although a bill that would set standards is up for final action now in the Kentucky Legislature. In other states, the requirements can vary widely.

Both West Virginia and Ohio have notification statutes, and they are essentially the same.

With variations from state-to-state, there is an increasing call for setting a national standard, which makes sense. The key, though, is that any national standard must have customers’ interests as the main priority, rather than those of businesses.

The prospect of a national standard has groups on both sides of the issue concerned. Consumer groups worry that a nationwide rule would be less stringent than some of the tougher state laws now in force, while businesses don’t want a standard they would consider overly burdensome.

Congress has tried to tackle this problem in the past with no success. However, the recent episodes exposing the information of tens of millions people makes it clear that lawmakers should ensure that a national standard is put in place soon.